Transcript of "Srm admin-5-1"

1.
Site Recovery Manager Administration vCenter Site Recovery Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-000863-00

7.
About VMware vCenter Site Recovery ManagerAdministration VMware vCenter Site Recovery Manager (SRM) is an extension to VMware vCenter Server that delivers a business continuity and disaster recovery solution that helps you plan, test, and run the recovery of vCenter Server virtual machines. SRM can discover and manage replicated datastores, and automate migration of inventory from one vCenter Server instance to another.Intended Audience This book is intended for SRM administrators who are familiar with vSphere and its replication technologies, such as host-based replication and replicated datastores. This solution serves the needs of administrators who want to configure protection for their vSphere inventory. It might also be appropriate for users who need to add virtual machines to a protected inventory or to verify that an existing inventory is properly configured for use with SRM.VMware, Inc. 7

9.
SRM Privileges, Roles, andPermissions 1 SRM provides disaster recovery by performing operations for users. These operations involve managing objects, such as recovery plans or protection groups, and performing operations, such as replicating or powering off virtual machines. SRM uses roles and permissions so that only users with the correct roles and permissions can perform operations. SRM adds several roles to vCenter Server, each of which includes privileges and permissions to complete SRM and vCenter Server tasks. You assign users to a role to permit them to complete tasks in SRM. Privilege The right to perform an action, for example to create a recovery plan or to modify a protection group. Role A collection of privileges. Default roles provide the privileges that certain users require to perform a set of SRM tasks, for example users who manage protection groups or perform recoveries. A user can have at most one role on an object, but roles can be combined if the user belongs to multiple groups that all have roles on the object. Permission A role granted to a particular user or user group on a specific object. A user or user group is also known as a principal. A permission is a combination of a role, an object, and a principal. For example, a permission is the privilege to modify a specific protection group. For information about the roles that SRM adds to vCenter Server and the privileges that users require to complete tasks, see “SRM Roles Reference,” on page 11. n How SRM Handles Permissions on page 10 SRM determines whether a user has permission to perform an operation when you configure protection on a virtual machine, rather than at the time that SRM performs the operation. n Assign Roles and Permissions on page 10 Permission assignments apply on a per-site basis. After installation, only vCenter Server administrators can log in to SRM. To allow other users access, vCenter Server administrators must grant them permissions in the SRM interface. You must add corresponding permissions on both sites. n SRM Roles Reference on page 11 SRM includes a set of roles. Each role includes a set of privileges, which enable users with those roles to complete different actions.VMware, Inc. 9

10.
Site Recovery Manager AdministrationHow SRM Handles Permissions SRM determines whether a user has permission to perform an operation when you configure protection on a virtual machine, rather than at the time that SRM performs the operation. After SRM verifies that a user has the appropriate permissions on the target vSphere resources, SRM performs operations on behalf of users by using the vSphere administrator role. For configuration operations, SRM validates user permissions when the user requests the operation. Operations other than configuration operations require two phases of validation. 1 During configuration, SRM verifies that the user configuring the system has the correct permissions to complete the configuration on the vCenter Server object. For example, a user must have permission to protect a virtual machine and use resources on a secondary vCenter Server that the recovered virtual machine uses. 2 The user performing the configuration must have the correct permissions to complete the task that they are configuring. For example, a user must have permissions to run a recovery plan. SRM then completes the task on behalf of the user as a vCenter Server administrator. As a result, a user who completes a particular task, such as a recovery, does not necessarily require permissions to act on vSphere resources. The role authorizes the action, but the action is performed by SRM acting as an administrator. SRM performs the operations by using the administrator credentials that you provide when you connect the protected and recovery sites. SRM maintains a database of permissions for internal SRM objects that uses a model similar to the one the vCenter Server uses. SRM verifies its own SRM privileges even on vCenter Server objects. For example, SRM checks for the Resource.Recovery Use permission on the target datastore rather than checking multiple low- level permissions, such as Allocate space.Assign Roles and Permissions Permission assignments apply on a per-site basis. After installation, only vCenter Server administrators can log in to SRM. To allow other users access, vCenter Server administrators must grant them permissions in the SRM interface. You must add corresponding permissions on both sites. SRM requires permissions on vCenter Server objects as well as on SRM objects. To configure permissions on the remote vCenter Server installation, start another instance of vSphere Client. You can change SRM permissions from the same interface on both sites after pairing. SRM augments vCenter Server roles and permissions with additional permissions that allow detailed control over SRM specific tasks and operations. You can use the SRM Assign Permissions window the same way that you use the Assign Permissions window in the vSphere Client. Procedure 1 Click Sites, and select the site for which you want to assign permissions. 2 Click the Permissions tab. 3 Right-click anywhere in the panel for either the local or remote sites and select Add Permission. 4 Select a role from the Assigned Role drop-down menu. This menu displays all the roles that SRM and vCenter Server make available. When you select a role, hierarchical list displays the privileges for that role. 5 Select Propagate to Child Objects to apply the selected role to all the child objects of the selected inventory object. 6 Click Add.10 VMware, Inc.

11.
Chapter 1 SRM Privileges, Roles, and Permissions 7 Identify a user or group for the role. a From the Domain drop-down menu, select the domain that contains the user or group. b Enter a name in the Search text box or select a name from the Name list. c Click Add and click OK. 8 Click OK to add the new permission. The list of permissions contains all users and groups that have roles assigned to the selected object and states in the hierarchy where those roles are assigned. What to do next Repeat the procedure to assign roles and permissions to users at the recovery site.SRM Roles Reference SRM includes a set of roles. Each role includes a set of privileges, which enable users with those roles to complete different actions. Roles can have overlapping sets of privileges and actions. For example, the SRM Administrator role and the SRM Protection Groups Administrator have the Create privilege for protection groups. With this privilege, the user can complete one aspect of the set of tasks that make up the management of protection groups. Assign roles to users on SRM objects consistently on both sites, so that protected and recovery objects have identical permissions. All users must have at least the System.Read privilege on the root folders of vCenter Server and the SRM root nodes on both sites.VMware, Inc. 11

19.
Creating SRM Placeholders andMappings 2 When you use SRM to configure the protection for virtual machines, you reserve resources on the recovery site by creating placeholders. You map the resources of the protected virtual machines to resources on the recovery site. n About Placeholder Virtual Machines on page 19 When you add a virtual machine or template to a protection group, SRM creates a placeholder virtual machine at the recovery site. n About Inventory Mappings on page 20 You must create inventory mappings so that SRM can create placeholder virtual machines. n About Placeholder Datastores on page 21 For every virtual machine in a protection group, SRM creates a placeholder virtual machine at the recovery site. You must identify a datastore on the recovery site in which SRM can store the placeholder virtual machines. n Configure Datastore Mappings for vSphere Replication on page 22 You configure datastore mappings to determine which datastores vSphere Replication uses to store replicated virtual machine disks and configuration files at the recovery site.About Placeholder Virtual Machines When you add a virtual machine or template to a protection group, SRM creates a placeholder virtual machine at the recovery site. SRM reserves a place for protected virtual machines in the inventory of the recovery site by creating a subset of virtual machine files. SRM uses that subset of files as a placeholder to register a virtual machine with vCenter Server on the recovery site. The presence of placeholder in the recovery site inventory provides a visual indication to SRM administrators that the virtual machines are protected. The placeholders also indicate to vCenter Server administrators that the virtual machines can power on and start consuming local resources when SRM tests or runs a recovery plan. When you recover a protected virtual machine by testing or running a recovery plan, SRM replaces its placeholder with the recovered virtual machine and powers it on according to the settings of the recovery plan. After a recovery plan test finishes, SRM restores the placeholders and powers off the virtual machines as part of the cleanup process.VMware, Inc. 19

20.
Site Recovery Manager Administration About Placeholder Virtual Machine Templates When you protect a template on the protected site, SRM creates the placeholder template by creating a virtual machine in the default resource pool of a compute resource and then by marking that virtual machine as a template. SRM selects the compute resource from the set of available compute resources in the datacenter on the recovery site to which the folder of the virtual machine on the protected site is mapped. All the hosts in the selected compute resource must have access to at least one placeholder datastore. At least one host in the compute resource must support the hardware version of the protected virtual machine template.About Inventory Mappings You must create inventory mappings so that SRM can create placeholder virtual machines. Inventory mappings provide a convenient way to specify how SRM maps virtual machine resources at the protected site to resources at the recovery site. SRM applies these mappings to all members of a protection group when you create the group. You can reapply mappings whenever necessary, for example when you add new members to a group. SRM does not enforce an inventory mapping requirement. If you create a protection group without defining inventory mappings, you must configure each protected virtual machine individually or use the Configure All option. SRM cannot protect a virtual machine unless it has valid inventory mappings for key virtual machine resources. n Networks n Folders n Compute resources n Placeholder datastores After you configure mappings at the protected site when you configure protection, configure inventory mappings at the recovery site to enable reprotect. When SRM creates a placeholder virtual machine, SRM derives its folder and compute resource assignments from inventory mappings that you establish at the protected site. A vCenter Server administrator at the recovery site can modify folder and compute resource assignments as necessary. Configuring Inventory Mappings for Individual Virtual Machines You can configure mappings for individual virtual machines in a protection group. If you create inventory mappings for a site, you can override them by configuring the protection of individual virtual machines. If you must override inventory mappings for some members of a protection group, use the vSphere Client to connect to the recovery site, and edit the settings of the placeholder virtual machines or move them to a different folder or resource pool. Changing Inventory Mappings If you change existing inventory mappings for a site, the changes do not affect virtual machines that SRM already protects. SRM only applies the new mappings to newly added virtual machines or if you repair a lost placeholder for a particular virtual machine. Because placeholder virtual machines do not support NICs, you cannot change the network configurations of placeholder virtual machines. You can only change the network for a placeholder virtual machine in the inventory mappings. If no mapping for a network exists, you can specify a network when you configure protection for an individual virtual machine. Changes that you make to the placeholder virtual machine override the settings that you establish when you configure the protection of the virtual machine. SRM preserves these changes at the recovery site during the test and recovery.20 VMware, Inc.

21.
Chapter 2 Creating SRM Placeholders and Mappings How SRM Applies Mappings During Reprotect During reprotect, SRM converts the virtual machines from the original protected site into placeholders, to protect the recovered virtual machines that were formerly the placeholder virtual machines on the recovery site. In most cases, the previously protected virtual machines and their devices are used during reprotect. If you add devices to a virtual machine after the virtual machine is recovered, or if original protected virtual machines are deleted, SRM uses mappings during reprotect. Select Inventory Mappings Inventory mappings provide default locations and networks for virtual machines to use when SRM creates placeholder virtual machines on the recovery site. Unless you intend to configure mappings individually for each member of a protection group, you should configure inventory mappings for a site before you create protection groups. Procedure 1 Click Sites in the left pane and select the site for which to configure inventory mappings. 2 Select a tab for a type of inventory object to configure. You can choose between the Resource Mappings tab, Folder Mappings tab, and Network Mappings tab. 3 Select an inventory object and click Configure Mapping. 4 Expand the inventory items and navigate to the network, folder, or resource pool on the recovery site to which to map the protected site resource. 5 (Optional) Select how to create the mapping: n Select an existing resource from the list. n Click New Folder or New Resource Pool to create a folder or resource pool on the recovery site to which to map. The selected resource appears in the Recovery Site Resources column, and its path relative to the root of the vCenter Server on the recovery site appears in the Recovery Site Path column. 6 Repeat Step 2 through Step 4 for any resource types for which to establish mappings.About Placeholder Datastores For every virtual machine in a protection group, SRM creates a placeholder virtual machine at the recovery site. You must identify a datastore on the recovery site in which SRM can store the placeholder virtual machines. After you select the datastore to contain the placeholder virtual machines, SRM reserves a place for protected virtual machines in the inventory on the recovery site. SRM creates a set of virtual machine files on the specified datastore at the recovery site and uses that subset to register the placeholder virtual machine with vCenter Server on the recovery site. When using array-based replication, to enable planned migration and reprotect, you must select placeholder datastores at both sites. Placeholder datastores must meet certain criteria. n For clusters, the placeholder datastores must be visible to all of the hosts in the cluster. n You cannot replicate placeholder datastores.VMware, Inc. 21

22.
Site Recovery Manager Administration Configure a Placeholder Datastore You can specify a placeholder datastore for SRM to use for the storage of placeholder virtual machines. Prerequisites Verify that you connected and paired the protected and recovery sites. Procedure 1 Select Sites in the left pane, and select a site 2 Click the Placeholder Datastores tab. 3 Click Configure Placeholder Datastore. 4 Expand the folders to find a datastore to designate as the location for placeholder virtual machines, click the datastore, and click OK. NOTE If an array manager is replicating datastores, but the array manager is not configured with SRM, the option to select the replicated datastore might be available. Do not select replicated datastores. Previously configured and replicated datastores appear but you cannot select them. The selected placeholder datastore appears in the Datastore column. If the datastore is on a standalone host, the host name appears. If the datastore is on a host that is in a cluster, the cluster name appears.Configure Datastore Mappings for vSphere Replication You configure datastore mappings to determine which datastores vSphere Replication uses to store replicated virtual machine disks and configuration files at the recovery site. You can use datastore mappings when you configure vSphere Replication for virtual machines as a way to select the default destination datastores. You configure datastore mappings from the source datastores of the virtual machines being configured for replication to destination datastores for the replicated files. A source datastore can be a single datastore that contains a single virtual machine, or it can be many datastores with many virtual machines with files spread across the datastores. When you configure replication for a single virtual machine, you can override the datastore mappings for a site, but when you configure replication for multiple virtual machines, you can use only the site-wide datastore mappings, and you cannot override them. Procedure 1 Click vSphere Replication in the left pane, and select a site. 2 Click the Datastore Mappings tab, and select a source datastore. 3 Click Configure Mapping. 4 Browse through the hierarchy of datastores at the recovery site and select a datastore to which to map.22 VMware, Inc.

23.
Replicating Virtual Machines 3 Before you create protection groups, you must configure replication on the virtual machines to protect. You can replicate virtual machines by using either array-based replication, vSphere Replication, or a combination of both. This information concerns replication using vSphere Replication. To configure array-based replication on virtual machines, consult the documentation from your storage array manager (SRA) vendor. This chapter includes the following topics: n “Configure Replication for a Single Virtual Machine,” on page 23 n “Configure Replication for Multiple Virtual Machines,” on page 24 n “Replicate Virtual Machines Using Replication Seeds,” on page 25 n “Move a Virtual Machine to a New vSphere Replication Server,” on page 26Configure Replication for a Single Virtual Machine vSphere Replication can protect individual virtual machines and their virtual disks by replicating them to another location. When you configure replication, you set a recovery point objective (RPO) to determine the period of time between replications. For example, an RPO of 1 hour seeks to ensure that a virtual machine loses no more than 1 hour of data during the recovery. For smaller RPOs, less data is lost in a recovery, but more network bandwidth is consumed keeping the replica up to date. Every time that a virtual machine reaches its RPO target, vSphere Replication records approximately 3800 bytes of data in the vCenter Server events database. If you set a low RPO period, this can quickly create a large volume of data in the database. To avoid creating large volumes of data in the vCenter Server events database, limit the number of days that vCenter Server retains event data. See Configure Database Retention Policy in the vCenter Server and Host Management Guide. Alternatively, set a higher RPO value. The available quiescing types are determined by the virtual machines operating system. Microsoft Volume Shadow Copy Service (VSS) quiescing is supported for Windows virtual machines running Windows Server 2003, XP, or newer. vSphere Replication does not support quiescing for Linux and older versions of Windows such as Windows 2000, so this option is unavailable for those operating systems. vSphere Replication supports file-system level quiescing for Windows 7 and Windows 2008 and application-level quiescing for Windows Server 2008 and Windows Server 8 operating systems. You configure replication by selecting all or a subset of the virtual machines disks. You specify the target location for your virtual machine. You can either replicate the whole virtual disk initially, or use the existing disk as a replication seed to limit the replication to just the parts of the disk that have changed since the last replication.VMware, Inc. 23

24.
Site Recovery Manager Administration Prerequisites Verify that you have deployed and connected vSphere Replication appliances and SRM Server instances at each site. Procedure 1 On the vSphere Client Home page, click VMs and Templates. 2 Browse the inventory to find the single virtual machine to replicate using vSphere Replication. 3 Right-click the virtual machine and click vSphere Replication. 4 Use the RPO slider or enter a value to configure the maximum amount of data that can be lost in the case of a site failure. The available range is from 15 minutes to 24 hours. 5 Select a Guest OS Quiescing configuration, if applicable to the source virtual machine operating system. 6 If no target file location is specified or to override the default determined by the datastore mappings, click Browse to select a target location for the virtual machine. Option Description Place virtual machine in a datastore Select a datastore and click OK. directly Place virtual machine in a specific Select Specify datastore folder, click Browse to locate the folder, then folder in a datastore double-click the desired folder. 7 Select a replication destination for each media device for the virtual machine. The next pages are created dynamically depending on the media devices installed on the virtual machine. They might include multiple virtual drives, all of which you can configure individually. Configurable settings include whether the virtual drive is replicated, the virtual drives replication destination, and information about how the replicated virtual drive is configured. If the disk is to be replicated, select a replication destination for the disk before proceeding. 8 Accept the automatic assignment of a vSphere Replication server or select a particular server on the target site. 9 Review the settings and click Finish to establish replication.Configure Replication for Multiple Virtual Machines vSphere Replication can replicate multiple virtual machines. When you configure replication, you set a recovery point objective (RPO) to determine the period of time between replications. For example, an RPO of 1 hour seeks to ensure that a virtual machine loses no more than 1 hour of data during the recovery. For smaller RPOs, less data is lost in a recovery, but more network bandwidth is consumed keeping the replica up to date. Every time that a virtual machine reaches its RPO target, vSphere Replication records approximately 3800 bytes of data in the vCenter Server events database. If you set a low RPO period, this can quickly create a large volume of data in the database. To avoid creating large volumes of data in the vCenter Server events database, limit the number of days that vCenter Server retains event data. See Configure Database Retention Policy in the vCenter Server and Host Management Guide. Alternatively, set a higher RPO value.24 VMware, Inc.

25.
Chapter 3 Replicating Virtual Machines The available quiescing types are determined by the virtual machines operating system. Microsoft Volume Shadow Copy Service (VSS) quiescing is supported for Windows virtual machines running Windows Server 2003, XP, or newer. vSphere Replication does not support quiescing for Linux and older versions of Windows such as Windows 2000, so this option is unavailable for those operating systems. vSphere Replication supports file-system level quiescing for Windows 7 and Windows 2008 and application-level quiescing for Windows Server 2008 and Windows Server 8 operating systems. Prerequisites To replicate virtual machines using vSphere Replication, you must deploy the vSphere Replication appliance at the primary and secondary sites. You must power on the virtual machines to begin replication. Before you replicate multiple machines, configure datastore mappings in the SRM user interface. You configure the mappings so that information is available to SRM regarding the target datastore destinations for replication. Procedure 1 On the vSphere Web Client Home page, click VMs and Templates. 2 Select a folder or datacenter in the left pane and click the Virtual Machines tab. 3 Select the virtual machines to replicate using the Ctrl or Shift keys. 4 Right-click the virtual machines and click vSphere Replication. 5 Use the RPO slider or enter a value to configure the maximum amount of data that can be lost in the case of a site failure. The available range is from 15 minutes to 24 hours. 6 Select a Guest OS Quiescing configuration, if applicable to the source virtual machine operating system. 7 (Optional) Choose whether to enable Initial copies of .vmdk files have been placed on the target datastore. Select this option if you have physically copied VMDK files to the target site for use as replication seeds. SRM uses datastore mappings and source virtual machine information to find and use initial copies. SRM shows progress and status as it searches for initial copies. You can stop the search process or start it again. 8 Accept the automatic assignment of a vSphere Replication server or select a particular server on the target site. 9 Review the settings and click Finish to establish replication. 10 Select the vSphere Replication view in the SRM interface. 11 Select the remote vSphere Replication site and click the Virtual Machines tab. If you have configured the datastore mappings for vSphere Replication, the virtual machines synchronize with the target site. What to do next If you did not configure the datastore mappings for vSphere Replication before configuring replication, the virtual machines appear in red with the status Datastore mappings were not configured. Reconfigure vSphere Replication on the virtual machines manually.Replicate Virtual Machines Using Replication Seeds You can make the initial replication of VDMK files more efficient by physically moving files onto a storage device. vSphere Replication uses the physically moved files as replication seeds. You might need to use replication seeds if it is not practical to copy the files over the network because the amount of data is too large, the bandwidth available is too small, or some combination of the two.VMware, Inc. 25

26.
Site Recovery Manager Administration When replicating virtual machines, ensure that virtual machines are replicated to subdirectories in datastores. Copied disks work if the transfer method preserves the identity information stored in the VMDK file. Prerequisites To replicate a virtual machine using vSphere Replication, you must establish the vSphere Replication infrastructure at both sites. The SRM Server instances at each site must be paired, and the vSphere Replication appliances must be paired. If a virtual machine is powered off, replication begins when the virtual machine is powered on. Procedure 1 Use the vSphere Client to connect to a vCenter Server that can manage the virtual machines to be physically moved. 2 Click Datastores. 3 In the left pane, browse to the datastore that contains the files for the virtual machine, select the datastore, and in the right pane, click Browse this datastore. 4 Select the folders for all virtual machines to be physically moved, right-click the selection, and click Download. 5 Select a destination to which to copy the files and click OK. 6 Click Yes. 7 After the download finishes, transfer the files to a location on the paired site to upload them. 8 On the vSphere Client Home page at the paired site, click Datastores. 9 In the left pane, browse to the datastore to contain the files for the virtual machine, select the datastore, and in the right pane, click Browse this datastore. 10 Select the folder to contain the copies of the virtual machines, right-click the selection, and click Upload Folder. 11 Select the folder containing the virtual machines, and click OK.Move a Virtual Machine to a New vSphere Replication Server After establishing vSphere Replication, you can move the virtual machines that you replicate to other vSphere Replication servers. You might do this to complete maintenance tasks on existing servers or to balance the load on the servers if one server becomes overloaded with virtual machines. Procedure 1 Select the vSphere Replication view of the SRM client. 2 Select a vSphere Replication server and click the Virtual Machines tab. 3 Right-click a virtual machine on which you have configured replication and select Move to. 4 Select a vSphere Replication server and click Next. 5 Review the information about the planned move, and click Finish.26 VMware, Inc.

27.
Creating Protection Groups 4 After you configure a replication solution, you can create protection groups. A protection group is a collection of virtual machines and templates that you protect together by using SRM. You include one or more protection groups in each recovery plan. A recovery plan specifies how SRM recovers the virtual machines in the protection groups that it contains. You must configure the virtual machines in a protection group so that SRM can add them to the vCenter Server inventory at the recovery site. You configure virtual machines and create protection groups differently depending on whether you use array- based replication or vSphere Replication. You cannot create protection groups that combine virtual machines for which you configured array-based replication with virtual machines for which you configured vSphere Replication. However, you can include array-based protection groups and vSphere Replication protection groups in the same recovery plan. n About Array-Based Protection Groups and Datastore Groups on page 27 When you create a protection group for array-based replication, you specify array information and then SRM computes the set of virtual machines into a datastore group. Datastore groups contain all the files of the protected virtual machines. n Create vSphere Replication Protection Groups on page 30 You can create protection groups that contain virtual machines that vSphere Replication protects. n Apply Inventory Mappings to All Members of a Protection Group on page 31 When you create a protection group for either vSphere Replication or array-based replication, SRM applies your inventory mappings to all the virtual machines in the protection group. If you change the inventory mappings, add virtual machines to a protected datastore, or if the virtual machines lose their protection, you can reapply the mappings to all unconfigured virtual machines in one step.About Array-Based Protection Groups and Datastore Groups When you create a protection group for array-based replication, you specify array information and then SRM computes the set of virtual machines into a datastore group. Datastore groups contain all the files of the protected virtual machines. Protection groups consist of virtual machines that use the same datastore group. A datastore group consists of consistency groups. All of the virtual machines and templates in a consistency group replicate their files together, and all the virtual machines in the consistency group recover together. You can have a virtual machine with files on different datastores. In this case, SRM combines the datastores that contain files for a single virtual machine to create a datastore group.VMware, Inc. 27

28.
Site Recovery Manager Administration A datastore group is the smallest unit of storage that SRM can recover or test independently. When you create an array-based protection group, it initially contains only those virtual machines that store all of their files on one of the datastore groups that SRM associates with the protection group. A protection group can contain one or more datastore groups, but a datastore group can belong to only one protection group. You can add virtual machines to a protection group by creating them on one of the datastores that belong to the datastore groups that SRM associates with the protection group. You can also add virtual machines to the protection group by using Storage vMotion to move their storage to one of the datastores in the datastore group. You can remove a member from a protection group by moving the virtual machines files to another datastore. To configure array-based replication, you must assign each virtual machine to a resource pool, folder, and network that exist at the recovery site. You can specify defaults for these assignments by selecting inventory mappings. SRM applies inventory mappings when you create the protection group. If you do not specify inventory mappings, you must configure them individually for each member of the protection group. SRM does not protect virtual machines that you did not configure or that you incorrectly configured for replication, even if they reside on a protected datastore. n How SRM Computes Datastore Groups on page 28 SRM determines the composition of a datastore group by the set of virtual machines that have files on the datastores in the group, and by the devices on which those datastores are stored. n Create Array-Based Protection Groups on page 29 You create array-based protection groups to enable the protection of virtual machines in datastore groups that you configure to use array-based replication. n Edit Array-Based Protection Groups on page 30 You can change the name and description of an array-based protection group and add or remove datastore groups that are part of the protection group. How SRM Computes Datastore Groups SRM determines the composition of a datastore group by the set of virtual machines that have files on the datastores in the group, and by the devices on which those datastores are stored. When you use array-based replication, each storage array supports a set of replicated devices. On storage area network (SAN) arrays that use connection protocols such as Fibre Channel and iSCSI, these devices are called logical storage units (LUN) and are composed of one or more physical devices. On network file system (NFS) arrays, the replicated devices are typically referred to as volumes. In every pair of replicated storage devices, one device is the replication source and the other is the replication target. Data written to the source device is replicated to the target device on a schedule controlled by the replication software of the array. When you configure SRM to work with an SRA, the replication source is at the protected site and the replication target is at the recovery site. A datastore provides storage for virtual machine files. By hiding the details of physical storage devices, datastores simplify the allocation of storage capacity and provide a uniform model for meeting the storage needs of virtual machines. Because any datastore can span multiple devices, SRM must ensure that all devices backing the datastore are replicated before it can protect the virtual machines that use that datastore. SRM must ensure that all devices containing protected virtual machine files are replicated. During a recovery or test, SRM must handle all such devices together. To achieve this goal, SRM aggregates datastores into datastore groups to accommodate virtual machines that span multiple datastores. SRM regularly checks that datastore groups contain all necessary datastores to provide protection for the appropriate virtual machines. When necessary, SRM recalculates datastore groups. For example, this can occur when you add new devices to a virtual machine, and you store those devices on a datastore that was not previously a part of the datastore group.28 VMware, Inc.

29.
Chapter 4 Creating Protection Groups A datastore group consists of the smallest set of devices required to ensure that if any of a virtual machines files is stored on a device in the group, all of the virtual machines files are stored on devices that are part of the same group. For example, if a virtual machine has disks on two different datastores, then SRM combines both datastores into a datastore group. SRM also combines devices into datastore groups according to set criteria. n A virtual machine has files on two different datastores. n Two virtual machines share a raw disk mapping (RDM) device on a SAN array, as in the case of a Microsoft cluster server (MSCS) cluster. n Two datastores span extents corresponding to different partitions of the same device. n A single datastore spans two extents corresponding to partitions of two different devices. n Multiple devices belong to a consistency group. A consistency group is a collection of replicated devices where every state of the target set of devices existed at a specific time as the state of the source set of devices. Informally, the devices are replicated together such that when recovery happens using those devices, software accessing the targets does not see the data in a state that the software is not prepared to deal with. Create Array-Based Protection Groups You create array-based protection groups to enable the protection of virtual machines in datastore groups that you configure to use array-based replication. SRM discovered the datastore groups when you configured the array managers. SRM replicates to the recovery site each datastore group that you select. After you create a protection group, SRM creates placeholder virtual machines and applies inventory mappings for each virtual machine in the group. If SRM cannot map a virtual machine to a folder, network, and resource pool on the recovery site, SRM sets the virtual machine in the Mapping Missing status, and does not create a placeholder for it. You can organize protections groups in folders. Different views in the Recovery interface display the names of the recovery groups, but they do not display the folder names. If you have two protection groups with the same name in different folders, it might be difficult to tell them apart in some views in the Recovery interface. Consequently, ensure that protection names are unique across all folders. In environments in which not all users have view privileges for all folders, to be sure of the uniqueness of protection group names, do not place protection groups in folders. When you create protection groups, wait to ensure that the operations finish as expected. Make sure that SRM creates the protection group and that the protection of the virtual machines in the group is successful. Procedure 1 Click Protection Groups, and click Create Protection Group. 2 On the Select a Site and Protection Group Type page, select which site to protect and select Array Based Replication. 3 Select an array pair, and click Next. 4 Select a datastore group from the list, and click Next. When you select a datastore group, the virtual machines in that datastore group appear in the Virtual Machines on the Selected Datastore Group pane, and are marked for inclusion in the protection group after you create the protection group. 5 Type a name and optional description for the protection group, and click Next.VMware, Inc. 29

30.
Site Recovery Manager Administration 6 Click Finish to create the protection group and begin the protection of the specified virtual machines. You can monitor the progress of the tasks to create the protection group and protect the virtual machines in the Recent Tasks panel of the vSphere Client. What to do next Create a recovery plan with which to associate your protection groups. See “Create a Recovery Plan,” on page 37. Edit Array-Based Protection Groups You can change the name and description of an array-based protection group and add or remove datastore groups that are part of the protection group. Procedure 1 Click Protection Groups, right-click an array-based protection group and select Edit Protection Group. 2 Click Next. 3 Add or remove datastore groups in the protection group and click Next. 4 Edit the name or description of the protection group and click Next. 5 Click Finish.Create vSphere Replication Protection Groups You can create protection groups that contain virtual machines that vSphere Replication protects. You can organize protections groups in folders. Different views in the Recovery interface display the names of the recovery groups, but they do not display the folder names. If you have two protection groups with the same name in different folders, it might be difficult to tell them apart in some views in the Recovery interface. Consequently, ensure that protection names are unique across all folders. In environments in which not all users have view privileges for all folders, to be sure of the uniqueness of protection group names, do not place protection groups in folders. When you create a vSphere Replication protection group, you can add to the protection group any virtual machines that you configured for vSphere Replication. Prerequisites Use the vSphere Client to configure vSphere Replication for virtual machines. See “Configure Replication for a Single Virtual Machine,” on page 23 or “Configure Replication for Multiple Virtual Machines,” on page 24. Procedure 1 Click Protection Groups and click Create Protection Group. 2 Select the site to be the protected site, select vSphere Replication, and click Next. 3 Select virtual machines from the list and click Next. Only virtual machines that you configured for vSphere Replication and that are not already in a protection group appear in the list. 4 Type a name and optional description for the protection group, and click Next. 5 Click Finish to create the protection group. What to do next Create a recovery plan with which to associate your protection groups. See “Create a Recovery Plan,” on page 37.30 VMware, Inc.

31.
Chapter 4 Creating Protection Groups Edit vSphere Replication Protection Groups You can edit a vSphere Replication protection group to change its name and to add virtual machines to the group. Procedure 1 Click Protection Groups in the left pane and right-click a protection group. 2 Select Edit Protection Group and click Next. You cannot change the Protected Site or Protection Group Type settings. 3 Add virtual machines to the protection group and click Next. 4 Edit the name or description of the protection group and click Next. 5 Click Finish.Apply Inventory Mappings to All Members of a Protection Group When you create a protection group for either vSphere Replication or array-based replication, SRM applies your inventory mappings to all the virtual machines in the protection group. If you change the inventory mappings, add virtual machines to a protected datastore, or if the virtual machines lose their protection, you can reapply the mappings to all unconfigured virtual machines in one step. Procedure 1 Click Protection Groups in the left pane, select a protection group, and click the Virtual Machines tab. 2 Click Configure All.VMware, Inc. 31

33.
Creating, Testing, and RunningRecovery Plans 5 After you configure SRM at the protected and recovery sites, you can create, test, and run a recovery plan. A recovery plan is like an automated run book. It controls every step of the recovery process, including the order in which SRM powers on and powers off virtual machines, the network addresses that recovered virtual machines use, and so on. Recovery plans are flexible and customizable. A recovery plan includes one or more protection groups. You can include a protection group in more than one recovery plan. For example, you can create one recovery plan to handle a planned migration of services from the protected site to the recovery site, and another plan to handle an unplanned event such as a power failure or natural disaster. Having these different recovery plans allows you to decide how to perform recovery. Testing a recovery plan runs the plan without affecting services at the protected or recovery sites, apart from powering off any virtual machines on the recovery site if you configure the recovery plan to do so. You can perform planned migrations from the protected site to the recovery site or disaster recoveries by running a recovery plan. You can run only one recovery plan at a time to recover a particular protection group. If you simultaneously test or run multiple recovery plans that specify the same protection group, only one recovery plan can fail over the protection group. Other running recovery plans that specify the same protection group report warnings for that protection group and the virtual machines it contains. The warnings explain that the virtual machines were recovered, but do not report other protection groups that the other recovery plans cover. n Testing a Recovery Plan on page 34 When you create or modify a recovery plan, test it before you try to use it for planned migration or for disaster recovery. n Performing a Planned Migration or Disaster Recovery By Running a Recovery Plan on page 34 You can run a recovery plan under planned circumstances to migrate virtual machines from the protected site to the recovery site. You can also run a recovery plan under unplanned circumstances if the protected site suffers an unforeseen event that might result in data loss. n Differences Between Testing and Running a Recovery Plan on page 35 Testing a recovery plan has no lasting effects on either the protected site or the recovery site, but running a recovery plan has significant effects on both sites. n How SRM Interacts with DPM and DRS During Recovery on page 36 Distributed Power Management (DPM) and Distributed Resource Scheduler (DRS) are not mandatory, but SRM supports both services and enabling them provides certain benefits when you use SRM. n Create, Test, and Run a Recovery Plan on page 36 You perform several sets of tasks to create, test, and run a recovery plan.VMware, Inc. 33

34.
Site Recovery Manager Administration n Cancel a Test or Recovery on page 40 You can cancel a recovery plan test at any time during its run. You can cancel a planned migration or disaster recovery at certain times during its run. n Delete a Recovery Plan on page 40 You can delete a recovery plan if you do not need it.Testing a Recovery Plan When you create or modify a recovery plan, test it before you try to use it for planned migration or for disaster recovery. By testing a recovery plan, you ensure that the virtual machines that the plan protects recover correctly to the recovery site. If you do not test recovery plans, an actual disaster recovery situation might not recover all virtual machines, resulting in data loss. Testing a recovery plan exercises nearly every aspect of a recovery plan, although SRM makes several concessions to avoid disrupting ongoing operations on the protected and recovery sites. Recovery plans that suspend local virtual machines do so for tests as well as for actual recoveries. With this exception, running a test recovery does not disrupt replication or ongoing activities at either site. You can run test recoveries as often as necessary. You can cancel a recovery plan test at any time. Permission to test a recovery plan does not include permission to run a recovery plan. Permission to run a recovery plan does not include permission to test a recovery plan. You must assign each permission separately. See “Assign Roles and Permissions,” on page 10. Test Networks and Datacenter Networks When you test a recovery plan, SRM can create a test network that it uses to connect recovered virtual machines. Creating a test network allows the test to run without potentially disrupting virtual machines in the production environment. The test network is managed by its own virtual switch, and in most cases recovered virtual machines can use the network without having to change network properties such as IP address, gateway, and so on. You use the test network by selecting Auto when you configure the network settings when you run a test. A datacenter network is a network that typically supports existing virtual machines at the recovery site. To use it, recovered virtual machines must conform to its network address availability rules. These virtual machines must use a network address that the networks switch can serve and route, must use the correct gateway and DNS host, and so on. Recovered virtual machines that use DHCP can connect to this network without additional customization. Other virtual machines require IP customization and additional recovery plan steps to apply the customization. You must recover any virtual machines that must interact with each other to the same test network. For example, if a Web server accesses information on a database, those Web server and database virtual machines should recover together to the same network.Performing a Planned Migration or Disaster Recovery By Running aRecovery Plan You can run a recovery plan under planned circumstances to migrate virtual machines from the protected site to the recovery site. You can also run a recovery plan under unplanned circumstances if the protected site suffers an unforeseen event that might result in data loss. During a planned migration, SRM synchronizes the virtual machines on the recovery site with the virtual machines on the protected site, then stops replication. SRM attempts to replicate all virtual machines and gracefully shut down the protected machines. If errors occur during a planned migration, the plan stops so that you can resolve the errors and rerun the plan. You can reprotect the virtual machines after the recovery.34 VMware, Inc.

35.
Chapter 5 Creating, Testing, and Running Recovery Plans During disaster recoveries, SRM restores virtual machines on the recovery site to their most recent available state, according to the recovery point objective (RPO). When you run a recovery plan to perform a disaster recovery, SRM attempts to shut down the virtual machines on the protected site. If SRM cannot shut down the virtual machines, SRM still starts the copies at the recovery site, and automatic reprotect might not be possible. If SRM detects that a datastore on the protected site is in the all paths down (APD) state and is preventing a virtual machine from shutting down, SRM waits for a period before attempting to shut down the virtual machine again. The APD state is usually transient, so by waiting for a datastore in the APD state to come back online, SRM can gracefully shut down the protected virtual machines on that datastore. After SRM completes the final replication, SRM makes changes at both sites that require significant time and effort to reverse. Because of this time and effort, you must assign the privilege to test a recovery plan and the privilege to run a recovery plan separately. Running a Recovery with Forced Recovery If the protected site is offline and SRM cannot perform its usual tasks, you can run the recovery with the forced recovery option. Forced recovery is for use in cases where storage arrays fail at the protected site and, as a result, protected virtual machines are unmanageable and cannot be shut down, powered off, or unregistered. In such a case, the system state cannot be changed for extended periods. To resolve this situation, you can force failover. Forcing failover does not complete the process of shutting down the virtual machines at the protected site. As a result, a split-brain scenario occurs, but the recovery might complete more quickly. Running forced recovery with array-based replication can affect the mirroring between the protected and the recovery storage arrays. After you run forced recovery, you must check that mirroring is set up correctly between the protected array and the recovery array before you can perform further replication operations. If mirroring is not set up correctly, you must repair the mirroring by using the storage array software. When you enable forced recovery, any outstanding changes on the protection site are not replicated to the recovery site before the failover sequence begins. Replication of the changes occurs according to the recovery point objective (RPO) period of the storage array. If a new virtual machine or template is added on the protection site and failover is initiated before the storage RPO period has elapsed, the new virtual machine or template does not appear on the replicated datastore and is lost. To avoid losing the new virtual machine or template, wait until the end of the RPO period before running the recovery plan with forced recovery. After the forced recovery completes and you have verified the mirroring of the storage arrays, you can resolve the issue that necessitated the forced recovery. After you resolve the underlying issue, run planned migration on the recovery plan again, resolve any problems that occur, and rerun the plan until it finishes successfully. Running the recovery plan again does not affect the recovered virtual machines at the recovery site.Differences Between Testing and Running a Recovery Plan Testing a recovery plan has no lasting effects on either the protected site or the recovery site, but running a recovery plan has significant effects on both sites. You need different privileges when testing and running a recovery plan. Table 5-1. How Testing a Recovery Plan Differs from Running a Recovery Plan Area of Difference Test a Recovery Plan Run a Recovery Plan Required privileges Requires Site Recovery Requires Site Recovery Manager.Recovery Plans.Test Manager.Recovery Plans.Recovery. permission. Effect on virtual machines at None SRM shuts down virtual machines in protected site reverse priority order.VMware, Inc. 35